FedRAMP: A challenging path to operational excellence for cloud providers

08

November

“The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”—FedRamp website

That sounds positive, but getting approved for the FedRAMP certification is far tougher than most cloud providers anticipated. In fact, few organizations are truly capable of making it through the process. As shared by an article in GCN:

“Of more than 80 cloud providers who have applied to go through the FedRAMP certification, more than half are not yet ready to go through the process, according to Kathy Conrad, principal deputy associate administrator with the General Services Administration’s Office of Citizen Services and Innovative Technologies.”

Further, Conrad reported that the government intentionally made the program “rigorous and does not plan to make it any easier.”

In other words, any organization that is capable of obtaining FedRAMP certification has a pretty shiny competitive advantage over other cloud providers. It’s the federal government’s stamp of approval.

So, which organizations are genuinely capable of making it through the FedRAMP certification process?

One reliable measure is how highly an organization rates against the Capability Maturity Model Integration (CMMI) framework. CMMI is a process improvement program that guides businesses into organizational and operational maturity. It is broken up into five levels:

Level 1: Initial — At this stage, processes are not defined and are reactive.

Level 2: Managed — Some processes are defined, but the business is still in a state of reactive mode.

Level 3: Defined — The business starts to move into a state of proactivity, with clearly defined processes and procedures.

Level 4: Quantitatively Managed — Not only are the processes well-defined, but they are measured for quality and efficiency.

Level 5: Optimizing — Mature businesses maintain clear real-time visibility into how their processes are performing and optimize them accordingly.

Our estimation is that companies need to be at Level 4 and well into Level 5 to have a realistic chance of successfully navigating the FedRAMP certification process.

The reality is that FedRAMP will separate the high-level providers from the commodity providers. If you want to compete for any government agency cloud hosting contracts, then the rigorous, costly and tedious process is mandatory.

This article was originally featured on Network World. To see the original post, click here.

Upcoming Events

Event Details

Lifeline Data Centers has an ongoing program for civic leaders, authorities, executives, technology leaders, and influencers in the region to join them for a free lunch and learn at our

Event Details

Lifeline Data Centers has an ongoing program for civic leaders, authorities, executives, technology leaders, and influencers in the region to join them for a free lunch and learn at our Eastgate Facility. At times, we will have a guest speaker, and other times we will have an open forum for our leaders to share challenges and get guidance from other professionals. If you’re interested in speaking at a luncheon, please contact us and let us know.

Event Details

Lifeline Data Centers has an ongoing program for civic leaders, authorities, executives, technology leaders, and influencers in the region to join them for a free lunch and learn at our

Event Details

Lifeline Data Centers has an ongoing program for civic leaders, authorities, executives, technology leaders, and influencers in the region to join them for a free lunch and learn at our Eastgate Facility. At times, we will have a guest speaker, and other times we will have an open forum for our leaders to share challenges and get guidance from other professionals. If you’re interested in speaking at a luncheon, please contact us and let us know.

Our Newsletter

” My inbox is inundated with newsletters and infomercials, so I have to be choosey about what I read and why. I read the Data Center News Digest because it surprises me with thought-provoking information that goes far-beyond what you would expect from a datacenter service provider. ” John Frank, Sr. VP, BrightPoint Subscribe